[Share]Fix for steal anything exploit.

Xanderॐ · April 17, 2011

Code_ex the "RequestAnswerJoinParty.java" is not the best file for fix that

that make a target bug exploit (player cannot target the requestor without restart)

so this is the right fix:

Index: java/net/sf/l2j/gameserver/clientpackets/RequestJoinParty.java
===================================================================
--- java/net/sf/l2j/gameserver/clientpackets/RequestJoinParty.java	(revision 4430)
+++ java/net/sf/l2j/gameserver/clientpackets/RequestJoinParty.java	(working copy)
@@ -69,6 +69,18 @@
             return;
         }

        if (requestor.getFactionId() != target.getFactionId())
        {
        requestor.sendMessage("You cannot invite players from another faction.");
        return;
        }
       
+        if (target.getActiveTradeList() != null || requestor.getActiveTradeList() != null)
+		{
+			requestor.sendMessage("You can't invite players with active trade");
+			return;
+		}
+		
		if (target.isInParty())
         {
			SystemMessage msg = new SystemMessage(SystemMessageId.S1_IS_ALREADY_IN_PARTY);

I tested and work perfect!

Nope thats not the right fix :) Good try but it isnt :).

xtremex · April 17, 2011

Nope thats not the right fix :) Good try but it isnt :).

also, i did not see the exploit.. i only fixed the code he did

Xanderॐ · April 17, 2011

Ya, he was wrong. I showed him with phx a minute ago. That fix will not work at someone that knows how the exploit actually works. You can bypass it easily. Anyway diving deep in the code to see how else it can be exploited.

xtremex · April 17, 2011

Ya, he was wrong. I showed him with phx a minute ago. That fix will not work at someone that knows how the exploit actually works. You can bypass it easily. Anyway diving deep in the code to see how else it can be exploited.

if i get how work this exploit or anyone show to me in pm, maybe i can help or give a try

Xanderॐ · April 17, 2011

In simple words, L2ItemInstance.onAction is called by a spoofed Action packet and the server doesnt check if the item that gets onAction() called is actually allowed to get picked up. So you can pickup items that exist in other players inventories given the right priviladges ( party ). To fix it you need to check restrictions when someone tries to call onAction() of an ItemInstance.

I think thats enough information for someone that knows how things work to fix it.

An4rchy · April 19, 2011

In simple words, L2ItemInstance.onAction is called by a spoofed Action packet and the server doesnt check if the item that gets onAction() called is actually allowed to get picked up. So you can pickup items that exist in other players inventories given the right priviladges ( party ). To fix it you need to check restrictions when someone tries to call onAction() of an ItemInstance.

I think thats enough information for someone that knows how things work to fix it.

I am not sure if i have understood well, but if did, i have to tell you that in the exploit axaxa(i'm not laughing it's his name :D) doesn't say sth about picking up. Except if the OID thing stands for pick up or sth(?).

Azumaril$ · April 19, 2011

I am not sure if i have understood well, but if did, i have to tell you that in the exploit axaxa(i'm not laughing it's his name :D) doesn't say sth about picking up. Except if the OID thing stands for pick up or sth(?).

no....when he send the packet, the items is dropping in the ground and the player drop it auto(without press pick up)

PS: THIS FIX SUCKS :P....

mg13gr · April 19, 2011

@Code_Ex

Your fix is fail, seriously.

@Lelouche

Come on... We're maxCHEATERS, don't ruin the exploits boards, they're again popular..

Azumaril$ · April 19, 2011

@Code_Ex

Your fix is fail, seriously.

@Lelouche

Come on... We're maxCHEATERS, don't ruin the exploits boards, they're again popular..

yeap....you have right..i allready found how to bypass this shit xd ....really sucks

mg13gr · April 19, 2011

yeap....you have right..i allready found how to bypass this shit xd ....really sucks

Exactly, I have bypassed it already.

An4rchy · April 19, 2011

no....when he send the packet, the items is dropping in the ground and the player drop it auto(without press pick up)

PS: THIS FIX SUCKS :P....

While the player auto picks up, the trade window is still active?

Azumaril$ · April 19, 2011

While the player auto picks up, the trade window is still active?

no trade to be active need :)...if the player take the object of weapon then gg. he can go 1 week later and just party him and steal him :D

An4rchy · April 19, 2011

no trade to be active need :)...if the player take the object of weapon then gg. he can go 1 week later and just party him and steal him :D

Hmm then it's more complicated... Anyway, it will be fixed soon. As soon as Leluche releases it or someone else...

Azumaril$ · April 19, 2011

Hmm then it's more complicated... Anyway, it will be fixed soon. As soon as Leluche releases it or someone else...

not for sure :D maybe leluche wont post it :)

mg13gr · April 19, 2011

Come on..

Why to post the damn fix?

Keep it for yourself, for fucks sake. We're a goddamn CHEATING community.

ffs

[Share]Fix for steal anything exploit.

Recommended Posts

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Join the conversation

Posts

Topics